GitHub announced their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.

Security researcher uploaded the sample of ProxyLogon Vulnerability in GitHub back in the month of March , Soon after uploading the exploit, Jang received an email from Microsoft-owned GitHub stating that PoC exploit was removed as it violated the Acceptable Use Policies.GitHub said they took down the PoC to protect Microsoft Exchange servers that were being heavily exploited at the time using the vulnerability.

“We understand that the publication and distribution of proof of concept exploit code has educational and research value to the security community, and our goal is to balance that benefit with keeping the broader ecosystem safe. In accordance with our Acceptable Use Policies, GitHub disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited.” – GitHub.

GitHub faced immediate backlash from security researchers who felt that GitHub was policing the disclosure of legitimate security research simply because it was affecting a Microsoft product.

GitHub updated guidelines

GitHub issued a ‘call for feedback‘ to the cybersecurity community regarding their policies for malware and exploits hosted on GitHub.null

GitHub officially announced that repositories created to host malware for malicious campaigns, act as a command and control server, or are used to distribute malicious scripts, are prohibited.

However, the uploading of PoC exploits and malware are permitted as long as they have a dual-user purpose.

In the context of malware and exploits, dual-use means content that can be used for the positive sharing of new information and research while at the same time can also be used for malicious purposes.

The key changes added to the GitHub guidelines are summarized below.

  • We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits. 
  • We have clarified how and when we may disrupt ongoing attacks that are leveraging the GitHub platform as an exploit or malware content delivery network (CDN). 
  • We made clear that we have an appeals and reinstatement process directly in this policy. 
  • We’ve suggested a means by which parties may resolve disputes prior to escalating and reporting abuse to GitHub. 

While dual-use content is allowed, the new GitHub guidelines around PoCs and malware states that they retain the right to remove dual-use content, such as exploits or malware, to disrupt active attacks or malware campaigns utilizing GitHub.